GnuPG高级指导（5）分发我的私钥（+签名）

（加密 + 签名，保证私钥的安全）

1 给debian8加密（再IDEA加密）并签名一份“我的私钥”

opensuse13:~ #

opensuse13:~ # gpg -r "debian8" -o FranklinYang.rsa.sec.key.sign.debian8.asc -a --se --cipher-algo IDEA FranklinYang.rsa.sec.key

You need a passphrase to unlock the secret key for

user: "FranklinYang (Encrypt RSA 4096) <andypeker@163.com>"

4096-bit RSA key, ID 276856F7, created 2016-11-25

gpg: IDEA encryption will be used

opensuse13:~ #

或者：

opensuse13:~ #

opensuse13:~ # gpg -a -r "debian8new" -u "FranklinYang" -o FranklinYang.sec.key.3des.sig.asc -se --cipher-algo 3DES FranklinYang.sec.key

You need a passphrase to unlock the secret key for

user: "FranklinYang (Encrypt RSA 4096) <andypeker@163.com>"

4096-bit RSA key, ID 276856F7, created 2016-11-25

gpg: CD540DDF: There is no assurance this key belongs to the named user

pub 2048R/CD540DDF 2016-11-26 debian8new

Primary key fingerprint: 8C29 6680 CD0F 8137 CC4E 77C9 9CF8 559D FE76 1741

Subkey fingerprint: 10DD BA9B BB81 15FE 7196 2F70 0036 4591 CD54 0DDF

It is NOT certain that the key belongs to the person named

in the user ID. If you *really* know what you are doing,

you may answer the next question with yes.

Use this key anyway? (y/N) y

opensuse13:~ #

opensuse13:~ # l FranklinYang.rsa.sec.key.sign.debian8.asc

-rw-r--r-- 1 root root 6352 Nov 26 00:40 FranklinYang.rsa.sec.key.sign.debian8.asc

opensuse13:~ #

opensuse13:~ # l FranklinYang.sec.key.3des.sig.asc

-rw-r--r-- 1 root root 7924 Nov 27 01:10 FranklinYang.sec.key.3des.sig.asc

opensuse13:~ #

opensuse13:~ # scp FranklinYang.rsa.sec.key.sign.debian8.asc franklin@192.168.19.132:/home/franklin/

franklin@192.168.19.132's password:

FranklinYang.rsa.sec.key.sign.debian8.asc 100% 6352 6.2KB/s 00:00

opensuse13:~ #

opensuse13:~ # scp FranklinYang.sec.key.3des.sig.asc franklin@debian8:/home/franklin/

franklin@debian8's password:

FranklinYang.sec.key.3des.sig.asc 100% 7924 7.7KB/s 00:00

opensuse13:~ #

2 给centos7加密并签名一份“我的私钥”

opensuse13:~ #

opensuse13:~ # gpg -u "FranklinYang" -r "centos7" -o FranklinYang.rsa.sec.key.sign.centos7.asc -a --sign -e FranklinYang.rsa.sec.key

You need a passphrase to unlock the secret key for

user: "FranklinYang (Encrypt RSA 4096) <andypeker@163.com>"

4096-bit RSA key, ID 276856F7, created 2016-11-25

gpg: CDA873F4: There is no assurance this key belongs to the named user

pub 2048g/CDA873F4 2016-11-25 centos7

Primary key fingerprint: EEB2 90CA E690 2DD5 2480 FA72 9E1B 26EB 28D4 14A1

Subkey fingerprint: 8997 4D45 4AB8 6F48 B0B6 322B B982 87D3 CDA8 73F4

It is NOT certain that the key belongs to the person named

in the user ID. If you *really* know what you are doing,

you may answer the next question with yes.

Use this key anyway? (y/N) y

opensuse13:~ #

opensuse13:~ # l FranklinYang.rsa.sec.key.sign.centos7.asc

-rw-r--r-- 1 root root 6332 Nov 26 00:41 FranklinYang.rsa.sec.key.sign.centos7.asc

opensuse13:~ #

opensuse13:~ # scp FranklinYang.rsa.sec.key.sign.centos7.asc franklin@192.168.19.150:/home/franklin/

franklin@192.168.19.150's password:

FranklinYang.rsa.sec.key.sign.centos7.asc 100% 6332 6.2KB/s 00:00

opensuse13:~ #

或者：

opensuse13:~ #

opensuse13:~ # gpg -a -r "centos7new" -u "FranklinYang" -o FranklinYang.sec.key.2centos7.3des.sig.asc -se --cipher-algo 3DES FranklinYang.sec.key

You need a passphrase to unlock the secret key for

user: "FranklinYang (Encrypt RSA 4096) <andypeker@163.com>"

4096-bit RSA key, ID 276856F7, created 2016-11-25

gpg: 903BE0F0: There is no assurance this key belongs to the named user

pub 2048R/903BE0F0 2016-11-26 centos7new

Primary key fingerprint: 7486 046A AAD2 00FF A177 126F 6AF6 D5FC F9F5 A616

Subkey fingerprint: 88DE 838A 874E CE34 9348 B9F6 A4D1 0BC6 903B E0F0

It is NOT certain that the key belongs to the person named

in the user ID. If you *really* know what you are doing,

you may answer the next question with yes.

Use this key anyway? (y/N) y

opensuse13:~ #

opensuse13:~ # scp FranklinYang.sec.key.2centos7.3des.sig.asc franklin@centos7:/home/franklin/

franklin@centos7's password:

FranklinYang.sec.key.2centos7.3des.sig.asc 100% 7924 7.7KB/s 00:00

opensuse13:~ #

3 在其他电脑上，解密“我的私钥”并验证签名

root@debian8:~#

root@debian8:~# gpg -d FranklinYang.rsa.sec.key.sign.debian8.asc

gpg: IDEA encrypted data

gpg: encrypted with 1 passphrase

-----BEGIN PGP PRIVATE KEY BLOCK-----

Version: GnuPG v2

lQIVBFg4PyYBEACTNyE3hnLtqHcGLQrjhh56yLtWiWJMxTeh26Xy378quxoGaLzC

JW9iOAq2AT67jdhYF6Lx7YE0YN1mPmzNhb8okhNdrP/wMxYHQB5mhxEeyLfPI6xG

HJ0gnDoHATmXteLTiWSxkPq这可是我的私钥啊。。。mgvJz+wi3ivtQmvP8Xzt79GX2mrE491Vr3KZV

B02cBO/Gdwimnnpsbm4aR+mpTRahQf6DlC3mO/c5+42NDFYgY0zX7haMLpLwc/Gn

dUDUdNvgFFWX9IhtnLf1VRFU0borjtBLaezDN5LaUYEkIK0UxRAOQRi6EDb//5Ar

uM/gOyZe0VK8cl9YFc1IZ2这可是我的私钥啊。。。R00Ugu7BsFCyhU5L9Y2t/BVOscghc1GACPFzS1+x

GKu7T7wvkN2ETTBXaMdAJsOh17IXInO9baYnQA4qEK1pYWzAK7bV0FkZ/wARAQAB

/gNlAkdOVQG0M0ZyYW5rbGluWWFuZyAoRW5jcnlwdCBSU0EgNDA5NikgPGFuZHlw

ZWtlckAxNjMuY29tPokCPwQTAQIAKQUCWDg/JgIbAwUJAMXBAAcLCQgHAwIBBhUI

AgkKCwQWAgMBAh4BA这可是我的私钥啊。。。Kf7uxj8bhzjqGb5bR6DmTuMmDmR6mQVu3BsGGeo

7xBTr7ygKArXTvEgm1EKjIeRcnueiw9Gwga8nSTL3VdpYFmNQWJaXDIH45J+TEX5

+P5H9b156eSJtk4PB1NNoGDjQvZep9KcQ5dqzrFXN8ft5wNg3Fg7My7hPzR7Dv/s

Qem1pfMxIpD5N/CBI5aVLvjcsfpb4TtJyOyblbIZsWXy0pQ4yXU1hI9zFthd2aLP

g7x28u3gRepFCCrsPfyYVzP2rXDIYN3kuKnvgtFHkl7fz1k9gIcU57HnbK0ATa70

HjykdE/DXQ4iQS6fnCxrnQc+BFg4PyYBEAC6ZGlyxWoTngc1pxLhp8z3BbFhas/5

eXPP7dLNP1OU0h/Yr4Ln2fdrAB/jetRmfUEuvO6D7NwFcclzzToUFaFbKMf7ZxP4

npzslUAvD3SIcWDJIkLXTxqkZDNPyUl+gSAHTDta3WSmT41AXiUBW4N1raGC1RmB

QiPpWhesFyWFOuCH1pw/0i21OxHZFNypnSRSqYd8oagIijXdCgD7/EZdAV8IKhjP

bLqmFnLfEiwy4rMzsxkghf/OtIcrt73TFhuXCgnnla8ukAhh7giEoO8AfBvyyakS

7XTPjGZokeF7ak/xeYrPptNm这可是我的私钥啊。。。wUNX96JKgb5bhpg1kp9qQGV4XeWgNahtTYkw

wUdCgwiu5S7zSQARAQAB/gMDAr27jk6nvmsq7nl6KrCV6q1KnBs5b0ozYMnUoZpm

mEhqFQ0AVCDxYOkSnTgHIPQRi9tPUnATuK//iqoBjTwQ1ufbg85OdnY57Gq4aVT0

IJsZcwgcGeWZf0gRN7DBxf2kVl8HhC+FyQ14+lDHN0OrxMKYttH1xpA50qnV9qUr

+fcae+nNSm1D9KyYRRGARByg/aGpCDr8ed27YY6ZtQYd+v2Xwm/PByl7o2VER4Sb

iGnw5Ezti4VWptWCuVLqFAem2fhAH94T2TjoWzO1Ar9/mh698bKOXqnPIm8MB5L2

DD6x/5uFinU9tXDaluOZL4S1OP6kcsheF19Jf01GNLLFV8VCdhR2jtqT3bom1T8B

uxAFt4GjKDf1OEUfiK58nuUS/B3Ud7SpSJ4jIgcQ9nq6s46TtLs93hPKLp0gPy9D

DSLYhoJtFd6TZ9QRD08QR52QKd3rm50maqXQC9s0zhsOcvIut0Ze3yxlQp04tg0G

BSbRv8AB7TtPWWft1YKz065w2BLnCWUqc2WxHXRWIcir+vmtAGKdkHFqRpbNABAf

/Ikfc8jGyf+LtuoDTmyCRG7Z这可是我的私钥啊。。。d2qvWUG23dQcHwXCMfb0H9St5+XgG108+MDm

tEovoMxl1B+vRb2VZh2rcRC7Lvo6r9Mbs7buOunBJQfqxC3y0AxHL5c6vHX6+7b3

fMIfI9L/jS2SC1+r888T4Hy4D2RyrB9kemsDFY7sM9ktq3aaXTUJLNPRdPyieOtx

N024vLR8llBVa3Joz29XBwhaGYViL01APQBDrVFsG/ziezxhgKiLFTAV6GQm2wdO

QpYTkQgbLEHYMk7CHpgfucCAIMEEI/m1ATmaEzcMQhEQoNiZ2mGjhlgXZBJwuSAg

4t3hh8jbsdFb2OCMbKzyib8pTQQ6H3cdQfEHV65ZSyj53L4XWonFLauxnwJVRRcj

PXTna3BzUqJvWkLz5pvDN/JP8这可是我的私钥啊。。。tob7lWFow5vc3U3AcS4m9bSFaLwkkfNn78

rd6XYC6EqZmzY2uTv4gbBSvl9slW+bmsuEjHWHy12dagdok8JsxufJZcbaDblP78

iQIlBBgBAgAPBQJYOD8mAhsMBQkAxcEAAAoJEI2keVQnaFb3NKIP/jCs07cOx7Zs

bhO30vzpb1P3kaMzWHIVNN3H+HyGQaaUfF49J66TWQ5x8GKCVraqR14FBqHIJEh3

NkhgkdOMlFJQDbdpAfJoSAlNzc9aAoGZyHC9pp4MvEmUZx0GahkMSeVeGzy8m/JQ

wGNcJT3aidKkz0DPg8ifbw1u4gFKIJlQ/6QSodWdwoeqnbhNFWxHNuQEzXkLSkuv

SwaVduHihCBWWxB39QxPrZeMSITRcLzc9Rm03GiSFN1ZZxrxDK/l+MZ5G1F55M0n

lOloSXFsiakakH27YiYfN4fjQF这可是我的私钥啊。。。qMQ2NGaSbvwqwKVNvOnHzCz40DTW6QFG2ZHO

3JJjrZfiVQ1oSLXMoqdKSNZl7/zvJeAmvYwlGaUFkIXXnz1zb8CUi3wRf2m89a0N

gL7VWBk9rQp6BSGsjyz8kiRb8L7qDRUBXFjENLUcsFyk/JOX74iI5v6fLR68hhau

twdlKbl1A24wKX8AMFyPCVwacJ6n6/nVl/M/io/OOX04rZ76nyxDkslKNhSpt9Dy

hx2mlzBWcDbBoEtzl0evQdhWOkKCuaYCsUa80uaKzddBqg9Guw7Lc+3xRkKqWanM

MWDQVE/2iHdfZdGPSt1+U5fvNn2xP648

=p/mc

-----END PGP PRIVATE KEY BLOCK-----

gpg: Signature made Sat 26 Nov 2016 12:40:21 AM CST using RSA key ID 276856F7

gpg: Good signature from "FranklinYang (Encrypt RSA 4096) <andypeker@163.com>"

gpg: WARNING: message was not integrity protected

root@debian8:~#

或者：

root@debian8:~#

root@debian8:~# gpg -o FranklinYang.sec.key -d FranklinYang.sec.key.3des.sig.asc

You need a passphrase to unlock the secret key for

user: "debian8new"

2048-bit RSA key, ID CD540DDF, created 2016-11-26 (main key ID FE761741)

gpg: encrypted with 2048-bit RSA key, ID CD540DDF, created 2016-11-26

"debian8new"

gpg: Signature made Mon 28 Nov 2016 11:10:43 PM CST using RSA key ID 276856F7

gpg: Good signature from "FranklinYang (Encrypt RSA 4096) <andypeker@163.com>"

root@debian8:~#

[root@centos7 ~]#

[root@centos7 ~]# gpg -d FranklinYang.rsa.sec.key.sign.centos7.asc

You need a passphrase to unlock the secret key for

user: "centos7"

2048-bit ELG key, ID CDA873F4, created 2016-11-25 (main key ID 28D414A1)

gpg: encrypted with 2048-bit ELG key, ID CDA873F4, created 2016-11-25

"centos7"

-----BEGIN PGP PRIVATE KEY BLOCK-----

Version: GnuPG v2

lQIVBFg4PyYBEACTNyE3hnLtqHcGLQrjhh56yLtWiWJMxTeh26Xy378quxoGaLzC

JW9iOAq2AT67jdhYF6Lx7YE0YN1mPmzNhb8okhNdrP/wMxYHQB5mhxEeyLfPI6xG

HJ0gnDoHATmXteLTiWSxkPq这可是我的私钥啊。。。6mgvJz+wi3ivtQmvP8Xzt79GX2mrE491Vr3KZV

B02cBO/Gdwimnnpsbm4aR+mpTRahQf6DlC3mO/c5+42NDFYgY0zX7haMLpLwc/Gn

dUDUdNvgFFWX9IhtnLf1VRFU0borjtBLaezDN5LaUYEkIK0UxRAOQRi6EDb//5Ar

uM/gOyZe0VK8cl9YFc1IZ28RhkwrMMYnJR7Lj/O6k+vGQsbJcXp9xtnIudX/pJpk

TlweT7P0mCLBc5hxnYPYG2VYLuKlKNPiT0LaIJ+Z5uwH+Suzz7Llzk6mtAJ2eCJL

9FkFA561Ru+fWmbE9ESDsG这可是我的私钥啊。。。QnaFb3gB4P/0xNe8XZ1SdwlpRk0jShtaLg

JbstppuCERyk7sKL2jC/jfrXCNpk2gfDifjaMJTVVbTl2Miyv/nnXzyf2vyLJsks

f94n7+jbIJzwNwFU4DubNgr7NkKBB9bK7Iw+D8d7PzH7VTg9f0Sqnddw2so030xS

+w9XV1NzHtfbgotBlOIxZMe3CN0P8xDVCuva4J/H0Pto7n3/ziB0vHybXVm06C3d

OszafLr6dIhZS6kDjFV9rL/Zhtd766/6UTW/E13mrMlyEE3CqNJKvPb+m1hKG0jU

FrmSyP4FvarTQUqw+mcDNWGRfCcgYORHZrOl4S7g/ZepE+XFoVz0cL87k8FQ1Qvm

nG7qes+2MJ0ek这可是我的私钥啊。。。i21OxHZFNypnSRSqYd8oagIijXdCgD7/EZdAV8IKhjP

bLqmFnLfEiwy4rMzsxkghf/OtIcrt73TFhuXCgnnla8ukAhh7giEoO8AfBvyyakS

7XTPjGZokeF7ak/xeYrPptNma1yESvLK5aoxxwjtgx3vg9P0dFhTFG6eTUrDOanb

vmU2drRqu12K3p9T6Q5mzUzsUuHjfPpu50wZ8PEs2LyoZwNDjEXzFdBTxIH3wq7K

HxrfsNrdXF5E8gOas3XxU这可是我的私钥啊。。。tPUnATuK//iqoBjTwQ1ufbg85OdnY57Gq4aVT0

IJsZcwgcGeWZf0gRN7DBxf2kVl8HhC+FyQ14+lDHN0OrxMKYttH1xpA50qnV9qUr

+fcae+nNSm1D9KyYRRGARByg/aGpCDr8ed27YY6ZtQYd+v2Xwm/PByl7o2VER4Sb

iGnw5Ezti4VWptWCuVLqFAem2fhAH94T2TjoWzO1Ar9/mh698bKOXqnPIm8MB5L2

DD6x/5uFinU9tXDaluOZL4S1OP6kcsheF19Jf01GNLLFV8VCdhR2jtqT3bom1T8B

uxAFt4GjKDf1OEUfiK58nuUS/B3Ud7SpSJ4jIgcQ9nq6s46TtLs93hPKLp0gPy9D

DSLYhoJtFd6TZ9QRD08QR这可是我的私钥啊。。。QIbG7VDtFMrPCk38mykgsAElMyTOHe/258uvpSr

BDATnqHdKE4fEFSquYfjDeEZtWF6XGS5XAe/xHXQPbElWHesaNx/miRe5nd4ySVl

h270DT5ALO11eGiKkiMD4SPEzrZX7QEstJdDjdFWHVfGVINMiVM9wwJ5+oKqlPD6

TAoBq5+clOcR0/3YxxJaGCun1wGj2CE9arLhrJfQbrW6UQB/FP+l8dcmh1a365Uc

rln1nKaVyeROap8VOQNWqR0FzhkXd2qvWUG23dQcHwXCMfb0H9St5+XgG108+MDm

tEovoMxl1B+vRb2VZh这可是我的私钥啊。。。82/AjG9JWkXOmuBCx35lGGgDj0sqY49sb6c/npYZ

/3LJSI3rioane7qoz8HqzowaxON45glFYSCbXyV9asbRY+3UDRivvlr3abImCDGm

+BNEOZDrpA3U7kz5EvpVTQc0xjaqkO6679sDGvpYalXuruHOX84LyAGutroUk/WA

LW9WrBT7UGz4g4rG/dwN76OQIERo0o95qI7qQDTKam6cVjDSJJ2kiGgcE2LVHsGa

RXDv+DmSrBvOCU1E89yzzuJP/AFI04fkEmQgztnA0MoC//2Z6D9EUXV1qK89k4gs

fSLA6IB77cxHsEKcwTSHpKLaSWGxjOtob7lWFow5vc3U3AcS4m9bSFaLwkkfNn78

rd6XYC6EqZmzY2uTv4gb这可是我的私钥啊。。。9aAoGZyHC9pp4MvEmUZx0GahkMSeVeGzy8m/JQ

wGNcJT3aidKkz0DPg8ifbw1u4gFKIJlQ/6QSodWdwoeqnbhNFWxHNuQEzXkLSkuv

SwaVduHihCBWWxB39QxPrZeMSITRcLzc9Rm03GiSFN1ZZxrxDK/l+MZ5G1F55M0n

lOloSXFsiakakH27YiYfN4fjQFUCDKXRjT/Zpj4W2gGLwOHV7Vaq0DFpLypuC7u7

TIA0yVLX4X80rIuxXa3rdEv9Xb/nqMQ2NGaSbvwqwKVNvOnHzCz40DTW6QFG2ZHO

3JJjrZfiVQ1oSLXMoqdKSNZl这可是我的私钥啊。。。L7qDRUBXFjENLUcsFyk/JOX74iI5v6fLR68hhau

twdlKbl1A24wKX8AMFyPCVwacJ6n6/nVl/M/io/OOX04rZ76nyxDkslKNhSpt9Dy

hx2mlzBWcDbBoEtzl0evQdhWOkKCuaYCsUa80uaKzddBqg9Guw7Lc+3xRkKqWanM

MWDQVE/2iHdfZdGPSt1+U5fvNn2xP648

=p/mc

-----END PGP PRIVATE KEY BLOCK-----

gpg: Signature made Sat 26 Nov 2016 01:01:51 AM CST using RSA key ID 276856F7

gpg: Good signature from "FranklinYang (Encrypt RSA 4096) <andypeker@163.com>"

[root@centos7 ~]#

或者：

[root@centos7 ~]#

[root@centos7 ~]# gpg -o FranklinYang.sec.key -d FranklinYang.sec.key.2centos7.3des.sig.asc

You need a passphrase to unlock the secret key for

user: "centos7new"

2048-bit RSA key, ID 903BE0F0, created 2016-11-26 (main key ID F9F5A616)

gpg: encrypted with 2048-bit RSA key, ID 903BE0F0, created 2016-11-26

"centos7new"

gpg: Signature made Mon 28 Nov 2016 11:13:08 PM CST using RSA key ID 276856F7

gpg: Good signature from "FranklinYang (Encrypt RSA 4096) <andypeker@163.com>"

[root@centos7 ~]#

4 在其他电脑上，导入“我的私钥”

（同上）